CVE-2021-26608

handysoft groupware arbitrary file download and execution vulnerability

CVSS 8.8 HIGHEPSS 0.6%CWE-353

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

handysoft · HShell.dll

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239